Merge branch '7.x' into backport/7.x/pr-57041

docs/discover/kuery.asciidoc

@@ -2,8 +2,8 @@
 === Kibana Query Language
 
 In Kibana 6.3, we introduced a number of exciting experimental query language enhancements. These
-features are now available by default in 7.0. Out of the box, Kibana's query language now includes scripted field support and a 
-simplified, easier to use syntax. If you have a Basic license or above, autocomplete functionality will also be enabled. 
+features are now available by default in 7.0. Out of the box, Kibana's query language now includes scripted field support and a
+simplified, easier to use syntax. If you have a Basic license or above, autocomplete functionality will also be enabled.
 
 ==== Language Syntax
 
@@ -19,8 +19,8 @@ they appear. This means documents with "quick brown fox" will match, but so will
 to search for a phrase.
 
 The query parser will no longer split on whitespace. Multiple search terms must be separated by explicit
-boolean operators. Lucene will combine search terms with an `or` by default, so `response:200 extension:php` would 
-become `response:200 or extension:php` in KQL. This will match documents where response matches 200, extension matches php, or both. 
+boolean operators. Lucene will combine search terms with an `or` by default, so `response:200 extension:php` would
+become `response:200 or extension:php` in KQL. This will match documents where response matches 200, extension matches php, or both.
 Note that boolean operators are not case sensitive.
 
 We can make terms required by using `and`.
@@ -48,9 +48,9 @@ Entire groups can also be inverted.
 
 `response:200 and not (extension:php or extension:css)`
 
-Ranges are similar to lucene with a small syntactical difference. 
+Ranges are similar to lucene with a small syntactical difference.
 
-Instead of `bytes:>1000`, we omit the colon: `bytes > 1000`. 
+Instead of `bytes:>1000`, we omit the colon: `bytes > 1000`.
 
 `>, >=, <, <=` are all valid range operators.
 
@@ -72,19 +72,20 @@ set these terms will be matched against all fields. For example, a query for `re
 in the response field, but a query for just `200` will search for 200 across all fields in your index.
 ============
 
+[[kuery-query-nested-field]]
 ==== Nested Field Support
 
 KQL supports querying on {ref}/nested.html[nested fields] through a special syntax. You can query nested fields in subtly different
 ways, depending on the results you want, so crafting nested queries requires extra thought.
- 
+
 One main consideration is how to match parts of the nested query to the individual nested documents.
 There are two main approaches to take:
 
 * *Parts of the query may only match a single nested document.* This is what most users want when querying on a nested field.
-* *Parts of the query can match different nested documents.* This is how a regular object field works. 
+* *Parts of the query can match different nested documents.* This is how a regular object field works.
  Although generally less useful, there might be occasions where you want to query a nested field in this way.
 
-Let's take a look at the first approach. In the following document, `items` is a nested field. Each document in the nested 
+Let's take a look at the first approach. In the following document, `items` is a nested field. Each document in the nested
 field contains a name, stock, and category.
 
 [source,json]
@@ -122,7 +123,7 @@ To find stores that have more than 10 bananas in stock, you would write a query
 
 `items:{ name:banana and stock > 10 }`
 
-`items` is the "nested path". Everything inside the curly braces (the "nested group") must match a single nested document. 
+`items` is the "nested path". Everything inside the curly braces (the "nested group") must match a single nested document.
 
 The following example returns no matches because no single nested document has bananas with a stock of 9.
 
@@ -138,7 +139,7 @@ The subqueries in this example are in separate nested groups and can match diffe
 
 ==== Combine approaches
 
-You can combine these two approaches to create complex queries. What if you wanted to find a store with more than 10 
+You can combine these two approaches to create complex queries. What if you wanted to find a store with more than 10
 bananas that *also* stocks vegetables? You could do this:
 
 `items:{ name:banana and stock > 10 } and items:{ category:vegetable }`

docs/release-notes/highlights-7.6.0.asciidoc

@@ -0,0 +1,69 @@
+[[release-highlights-7.6.0]]
+== 7.6.0 release highlights
+++++
+<titleabbrev>7.6.0</titleabbrev>
+++++
+
+//NOTE: The notable-highlights tagged regions are re-used in the
+//Installation and Upgrade Guide
+
+// tag::notable-highlights[]
+
+Explore the new features in Kibana 7.6.
+
+[cols="50, 50"]
+|===
+
+a| *Elastic&nbsp;Maps improvements*
+
+Color the data points on your map based on the discrete values in a categorical field.
+Add text labels to give your viewers more information about the data you’re
+overlaying on your maps.
+
+| image:release-notes/images/7-6-maps-category.png[Categorical styling in Maps]
+
+a| *Embeddable maps in Canvas*
+
+Incorporate a geospatial perspective into a Canvas workpad.
+
+| image:release-notes/images/7-6-canvas-map.png[Embedded maps in Canvas]
+
+
+a| *Lens improvements*
+
+Use scripted fields in your visualizations, just like any other field in the index.
+Rapidly reset a layer
+with a single click instead of removing data fields one at a time.
+
+| image:release-notes/images/7-6-lens-reset-layer.png[Scripted fields in Lens]
+
+a| *Nested field support*
+
+Query on nested fields using KQL.
+You can query for a user whose first name is Tom and whose
+last name is Hanks, or a user whose first name is Tom and last name is Smith.
+{kibana-ref}/kuery-query.html[Our documentation] contains examples for you to follow.
+
+| image:release-notes/images/7-6-nested-field.png[Nested field]
+
+
+
+|===
+
+[float]
+=== Learn more
+
+Get the details on these features in the {kib} 7.6 release blog.
+For a complete list of enhancements and other changes, check out the
+{kib} 7.6 release notes.
+
+// end::notable-highlights[]
+
+[float]
+=== Give 7.6 a try
+
+Try 7.6 now by deploying {es} and {kib} on
+https://www.elastic.co/cloud/elasticsearch-service/signup[Elastic Cloud] or
+by https://www.elastic.co/start[downloading them].
+Let us know what you think on Twitter https://twitter.com/elastic[(@elastic)]
+or in our https://discuss.elastic.co/c/elasticsearch[forum].

docs/release-notes/highlights.asciidoc

@@ -3,9 +3,10 @@
 
 [partintro]
 --
-This section summarizes the most important changes in each release. For the 
-full list, see <<release-notes>> and <<breaking-changes>>. 
+This section summarizes the most important changes in each release. For the
+full list, see <<release-notes>> and <<breaking-changes>>.
 
+* <<release-highlights-7.6.0>>
 * <<release-highlights-7.5.0>>
 * <<release-highlights-7.4.0>>
 * <<release-highlights-7.3.0>>
@@ -15,9 +16,10 @@ full list, see <<release-notes>> and <<breaking-changes>>.
 
 --
 
+include::highlights-7.6.0.asciidoc[]
 include::highlights-7.5.0.asciidoc[]
 include::highlights-7.4.0.asciidoc[]
 include::highlights-7.3.0.asciidoc[]
 include::highlights-7.2.0.asciidoc[]
 include::highlights-7.1.0.asciidoc[]
-include::highlights-7.0.0.asciidoc[]
+include::highlights-7.0.0.asciidoc[]

docs/user/security/authentication/index.asciidoc

@@ -12,6 +12,7 @@
 - <<pki-authentication>>
 - <<saml>>
 - <<oidc>>
+- <<kerberos>>
 
 [[basic-authentication]]
 ==== Basic authentication
@@ -214,3 +215,26 @@ leaked, it can't be re-used after logout. This is known as "local" logout.
 {kib} can also initiate a "global" logout or _Single Logout_ if it's supported by the external authentication provider and not
 explicitly disabled by {es}. In this case, the user is redirected to the external authentication provider for log out of
 all applications associated with the active provider session.
+
+[[kerberos]]
+==== Kerberos single sign-on
+
+As with the previous SSOs, make sure that you have configured {es} first accordingly. See {ref}/kerberos-realm.html[Kerberos authentication].
+
+Next, to enable Kerberos in {kib}, you will need to enable the Kerberos authentication provider in the `kibana.yml` configuration file, as follows:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos]
+-----------------------------------------------
+
+You may want to be able to authenticate with the basic authentication provider as a secondary mechanism or while you are setting up Kerberos for the stack:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos, basic]
+-----------------------------------------------
+
+As a reminder, the order is important as it determines the order in which each authentication provider is attempted.
+
+Kibana uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications. At the end of the Kerberos handshake, Kibana will forward the service ticket to Elasticsearch. Elasticsearch will unpack it and it will respond with an access and refresh token which are then used for subsequent authentication.

src/legacy/core_plugins/vis_type_timeseries/public/services.ts

@@ -19,13 +19,13 @@
 
 import { I18nStart, SavedObjectsStart, IUiSettingsClient, CoreStart } from 'src/core/public';
 import { createGetterSetter } from '../../../../plugins/kibana_utils/public';
-import { DataPublicPluginStart, FieldFormatsStart } from '../../../../plugins/data/public';
+import { DataPublicPluginStart } from '../../../../plugins/data/public';
 
 export const [getUISettings, setUISettings] = createGetterSetter<IUiSettingsClient>('UISettings');
 
-export const [getFieldFormats, setFieldFormats] = createGetterSetter<FieldFormatsStart>(
-  'FieldFormats'
-);
+export const [getFieldFormats, setFieldFormats] = createGetterSetter<
+  DataPublicPluginStart['fieldFormats']
+>('FieldFormats');
 
 export const [getSavedObjectsClient, setSavedObjectsClient] = createGetterSetter<SavedObjectsStart>(
   'SavedObjectsClient'